Jump to content

My files are encrypted by .vtua Rasnomware


Recommended Posts

Hello there,

I need your help for really, my files are encrypted by some .vtua rasnomware, I tried alot of solutions but it just doesnt work, like you can see on this screenshot.  https://prnt.sc/1wk0j0i My whole PC is encrypted with that, I dont know what to do anymore.

Also I tried Emisoft Decryption Tool and this is what I got. https://prnt.sc/1wk0n14 It said that's some kind of "STOP (Djvu)" Rasnomware, okay. So I downloaded tool for this rasnomware from site, "decrypt_STOPDjvu.exe" and still nothing.

This is log when I try decrypt one picture by .jpg.vtua

File: C:\Users\King RT66\Desktop\New folder\20200626_234612_HDR.jpg.vtua
Error: No key for New Variant online ID: Yf3QVYKGirwvlRfbHI7dKgWsC5zdM0nhIFY6Nysm
Notice: this ID appears to be an online ID, decryption is impossible

Finished!
 

It said "decryption is impossible" but I have like 100gb of private/job data etc...

Please if someone can help be with this I will be really thankfull.

Best regards.

Link to comment
Share on other sites

Hello @Seyox,

 

Welcome to the Emsisoft Support Forums.

 

I understand it is frustrating, but currently, we are not aware of any ways to decrypt files with Online-ID and some recent forms of STOP(DJVU).

 

Please read this Topic. It contains information about your situation and whether or not your files can be decrypted.

https://support.emsisoft.com/topic/32045-about-the-stopdjvu-decrypter/

Link to comment
Share on other sites

There's the possibility that law enforcement may be able to catch the criminals and release their database of private keys, meaning that you could try again using tool in few weeks in case something changed.

 

We do not recommend paying the ransom unless there is absolutely no other choice. 22% of those who paid a ransom never got access to their data. 9% said they got hit with additional ransom demands after paying. We’re talking about criminals, after all.

 

Our recommendation is to save a backup of your encrypted files and keep it in a safe place in case decryption is possible at some point in the future.

 

Please review our Protection Guides at your leisure, they contain several tips on protecting your computer and data. https://blog.emsisoft.com/en/category/protection-guides/

 

We also recommend keeping an eye on BleepingComputer's newsfeed, as they will usually report on new developments with ransomware decrypters: https://www.bleepingcomputer.com/

 

If you have an RSS feed reader, then they also have an RSS feed so that you don't have to manually check for news: https://www.bleepingcomputer.com/feed/

  • Like 1
Link to comment
Share on other sites

On 10/18/2021 at 6:29 AM, Seyox said:

an online ID, decryption is impossible

Why did this happen?

This 'STOP Ransomware' enters the PC due to the fact that computer is poorly protected. People often use free antivirus programs with the 'Free' label in the name. None of these programs will protect PC from programs similar to 'STOP Ransomware', because basic protection is not capable of this feat.
If users used comprehensive protection of the 'Internet Security' class, then it would help protect PC from ransomware attacks.

There is no 100% protection against malware, but what the 'Free' antivirus gives is 1-2 percent protection. 

After this attack, PCs could have stayed other malware elements. This maybe is an info-stealer and something else. Therefore, it is urgent to conduct a full check and destroy malware.

Use an comprehensive anti-virus software such as Emsisoft Anti-Malware to effectively remove the malware. 
You can get a free trial 30-days version of Emsisoft Anti-Malware here: https://www.emsisoft.com/en/home/antimalware/

It will help you clean your PC from other malware for free.

!!! You need to neutralize all malicious files in the system. This should be done as quickly as possible. Otherwise, the files may be encrypted using the online ID and decryption will never be possible.

  • Like 1
Link to comment
Share on other sites

Only after neutralizing all malicious files ...

I recommend this following method only when there is no other way... 

This is not the decryption, it is the recovery of certain types of files using the features of these files.

1) If you have encrypted ZIP/RAR archives, you can partially recover them. Only 1-2 files are damaged there. Remove the extension that the ransomware added to the archives, and extract the files in the usual way. Everything except 1-2 files will be fixed. If there is only 1 file in the archive, then it will most likely be unrecoverable.

2) There is an alternative (additional) way to recover some media files:
WAV, MP3, MP4, M4V, MOV, 3GP.

https://www.disktuna.com/media_repair-file-repair-for-stop-djvu-mp3-mp4-3gp

But before trying the alternative variant with media files, it is recommended that you make a copy of the encrypted files. Something will be restored better, something will be restored worse. 

Some types of files can be opened (restored) using the application in which they were created. To do this, you must first remove the extension added by the ransomware. Then can try to open the file from the program in which it was created. If you open audio and video files in the editor, it will restore the structure, and upon closing it will offer to save the changes in the file.

3) If you have PDFs or files of other e-books, then they may suffer in part if they were not protected from manual modification. Therefore, after removing the added extension, they can be partially read (~ 80%).

Unfortunately, it is not yet possible to recover files created in MS Office applications due to their sensitivity to any damage. They can be easily damaged without encryption. It is easier to recover and read text written on paper or on the stone than one created in MS Office.

An alternative method for other files has not yet been found. I understand that this will not be enough, but recovering some of the files is better than to lose everything...

  • Like 1
Link to comment
Share on other sites

Thanks for reply once again!

I made backup of all my personal data on one HDD and unplugged him from computer, also did an new fresh windows 10 (with Emsisoft malware removal software and Avast Antivirus not free one, I bought full version) so fortunatelly I killed virus TOTALLY from my main system HDD, so I will wait few weeks until you (maybe) get key for .vtua ransomware and then plug in my HDD with encrypted data and try to decrypt them, is that good move?

I tried alot of recovery programs, restore files etc... But I cant even bring them back BECAUSE ransomware deleted all of my restoration points unfortunatelly, so I will wait for key and keep my encrypted data on offline HDD, I think that's good idea.

And of course I wont pay them anything.

Link to comment
Share on other sites

Only this Emsisoft provides a decryptor for files encrypted 'Stop Ransomware'.

Therefore, other decryption programs will not help.

Moreover, if you try other programs, then practice with copies. Otherwise, the encrypted files may be damaged so that you can no longer do decrypt, even if you have the key.

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...